Symantec SSL/TLS Certificate distrust

Hi folks! Further to the rollout of Symentec certificates being distrusted by all major browsers, I note that Firefox Beta & Nightly (63 & 64) now show the Oyster payment portal as an untrusted site:

Please not that Firefox version 63 lands October 23, and Google Chrome will distrust these certificates for its users approximately TWO WEEKS EARLIER than this. Do not fail to take action on this or your users will be

For more:
Mozilla Security blog from March 2018 - Distrust of Symantec TLS Certificates - Mozilla Security Blog
DigiCert blog from April 2018 (who took over these certificates from Symantec) - https://www.digicert.com/blog/getting-ahead-chrome-70-distrust-symantec-issued-certificates/

Test your sites using Mozilla’s Observatory tool - Mozilla Observatory
Google Security blog also from March 2018 - Google Online Security Blog: Distrust of the Symantec PKI: Immediate action needed by site operators

Hi @david_ross

We are aware that the Symantec certs are becoming untrusted in Firefox and Chrome shortly.

My colleagues who manage the Oyster site attempted to update the certs to a new provider last week but there were issues that we had to request re-issue of the cert.

We are going to attempt this again this week and we should be able to get the new certificate before the Firefox and Chrome updates come in to place for non-beta users.

thanks,
James
Service Performance Manager - Digital

1 Like

Thanks for the transparency! Best of luck to the team involved for the next crack at i t.

This appears to now have been fixed. Nice work TFL.
:smiley_cat:

Thanks @david_ross - the payments team deployed the new cert yesterday afternoon.